On Thu, Feb 06, Michael Hirmke wrote:
So I change the defaults to suit my needs by
dropping a file to /etc.
Months later, the defaults change again. How do I see what are the new
defaults, how do I notice that I have to change the file in /etc again?
that is my main concern.
I would really suggest to read the openSUSE wiki documentation,
reading documentation really helps and saves more work than it is
to read it.
You have the distribution default in /usr/etc
You have your own "change" in /etc.
If we take login.defs as example:
/usr/etc/login.defs uses for NIS DES.
You create a file like /etc/login.defs.d/crypt.defs and changes
the default to SHA512.
You have in /etc/ only the variable with SHA512, nothing else.
You can lookup everytime in /usr/etc/login.defs what the current default
is. But you don't need to care.
If you we look at it for Leap:
You have /etc/login.defs
You change the hash for NIS from DES to SHA512.
We update that file.
You get a *.rpmnew file, and until you notice this and fixes
it, all changed password will use the insecure DES hash!
This can not happen today on Tumbleweed anymore!
And if we take the /usr/etc/services example:
Your /etc/services file contains only your change, nothing more.
If there is an update, you don't need to manual merge them, it's done
automatically for you by glibc.
Of course, you can copy /usr/etc/services to /etc/services and modify
that. In this case, you can diff /etc/services against /usr/etc/services
and you will get the same result as today by diffing /etc/services
against /etc/services.rpmnew. No change, only other path.
But this doesn't make much sense as you would get a lot of duplicate
If I understood correctly, an rpm package should drop
the config files
to /usr/etc, while an admin or a distribution can save altered or own
config files to /etc.
He should save the modified/new entries there, not a copy of the whole
Applications/services will follow nsswitch.conf and
for existance. If the file is found, it will be used. If not,
/usr/etc/whatever will be used.
No, completly wrong. If you use nsswitch.conf, it will be merged.
If this is correct, lets assume we have
whatever.rpm. Me as an admin copies that file to /etc and modifies
everything which seems to be necessary for my system.
The next update for whatever.rpm contains a change for /usr/etc/whatever
- maybe security relevant or even crucial for the system to come up.
On the next boot, whatever will still read and use /etc/whatever and
will either fail or use unsecure settings.
If that would be the case (and most likely will for some applications
and their configuration files in the future), you are right and the
result is exaclty the same as today.
Will anything tell me, that I will run into this
The problem is the same as today for you, absolut no difference. If
there will be a change, we have ideas for a tool to display the changes.
Which would mean, it's even in that case better than today!
But up to now, it's not needed.
Because now I
meld /etc/configfile /etc/configfile.rpmnew
and instantly I see what is new and I can decide
to use it or not,
entry by entry.
meld /etc/configfile /usr/etc/configfile?
Where's the problem?
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org